At the heart of computer systems such as browsers, mobile phones or chip-and-pin payment cards, is a cryptographic hash function, which is an algorithm that maps arbitrary data to relatively small numbers. (For example, a hash function might map a multi-megabyte digital movie to its hash value, an integer in the range between zero and 2160 , say.) The input data can be arbitrarily large but the hash value has to be of relatively small fixed size. For use in security systems, two properties must hold. First, it must be “computationally hard” to identify input data from its hash value (pre-image resistance) and, second, it must be “computationally hard” to identify two inputs that hash to the same value (collision resistance).

Cryptographic hash functions have an important role in technologies that rely upon digital signatures. Like their hand-written counterparts, digital signatures authenticate the source of a message or document and confirm its integrity and completeness. But in practice, it is its hash value that is signed rather than the document itself. Thus, if different documents have the same hash value, a recipient may be led to believe that one document had been signed when in fact the sender had signed a different document with the same hash value, with consequent breach of security.